CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68 ("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails") where msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); is called on gpu->pdev == NULL, as the GPU device has not been fully initialized yet. Turns out that there's more than just the aforementioned path that causes this to happen (e.g. the case when there's speedbin data in the catalog, but opp-supported-hw is missing in DT). Assigning msm_gpu->pdev earlier seems like the least painful solution to this, therefore do so. Patchwork: https://patchwork.freedesktop.org/patch/602742/
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | <6.6.55 | |
| Linux kernel | >=6.7<6.10.14 | |
| Linux kernel | >=6.11<6.11.3 | |
| Linux Kernel | <6.6.55 | |
| Linux Kernel | >=6.7<6.10.14 | |
| Linux Kernel | >=6.11<6.11.3 | |
| debian/linux | <=5.10.223-1<=5.10.234-1<=6.1.129-1<=6.1.128-1 | 6.12.20-1 6.12.21-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/9288a9676c529ad9c856096db68fad812499bc4a
- https://git.kernel.org/stable/c/9773737375b20070ea935203fd66cb9fa17c5acb
- https://git.kernel.org/stable/c/e8ac2060597a5768e4699bb61d604b4c09927b85
- https://git.kernel.org/stable/c/16007768551d5bfe53426645401435ca8d2ef54f
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49901
- https://nvd.nist.gov/vuln/detail/CVE-2024-49901
- https://launchpad.net/bugs/cve/CVE-2024-49901
- https://security-tracker.debian.org/tracker/CVE-2024-49901
- https://ubuntu.com/security/CVE-2024-49901
- https://git.kernel.org/linus/16007768551d5bfe53426645401435ca8d2ef54f
Frequently Asked Questions
What is the severity of CVE-2024-49901?
CVE-2024-49901 is classified as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2024-49901?
To fix CVE-2024-49901, update the Linux kernel to version 6.6.55 or later.
What versions of the Linux kernel are affected by CVE-2024-49901?
CVE-2024-49901 affects Linux kernel versions prior to 6.6.55, and versions between 6.7 and 6.10.14, and between 6.11 and 6.11.3.
What components are affected by CVE-2024-49901?
CVE-2024-49901 impacts the DRM subsystem within the Linux kernel, particularly related to the Adreno GPUs.
What specific issue does CVE-2024-49901 resolve?
CVE-2024-49901 resolves a nullptr dereference that could occur when speedbin setting fails in the Adreno GPU driver.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/description
- agent/event
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.7
- version/linux kernel/6.11
- package-manager/debian